[15465] in bugtraq
Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed
daemon@ATHENA.MIT.EDU (Przemyslaw Frasunek)
Sat Jun 24 15:07:00 2000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <083301bfddad$003642e0$0273b6d4@freebsd.lublin.pl>
Date: Sat, 24 Jun 2000 09:22:48 +0200
Reply-To: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
From: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
To: BUGTRAQ@SECURITYFOCUS.COM

> 3. Problem description:
> An exploitable buffer overrun existed in wu-ftpd code's status update code.
> Fixed by adding bounds checking by passing the status strings through %s.

Yet another clueless advisory. I say it loudly: THIS IS NOT A BUFFER OVERFLOW
ATTACK. All applications that don't use format strings properly are vulnerable
to the <retloc>%.f%.f%.f %.<ret>d%n attack.
--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin@freebsd.lublin.pl ** PGP: D48684904685DF43 EA93AFA13BE170BF *
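
The distinction drawn in the message above, as an added example that is not part of the original post or of the wu-ftpd source: a bounded write still interprets format directives when client text is used as the format string, and the "%s" fix turns that text into plain data. The names `status_line`, `set_status_unsafe`, `set_status_safe` and `arg_directives` are hypothetical, and the benign input is constructed.

```c
#include <stdio.h>
#include <string.h>

static char status_line[64];   /* hypothetical daemon status buffer */

/* BEFORE (deliberately flawed): client text is the format string itself.
 * The write is bounded, so nothing overruns, yet every '%' directive in
 * the text is still interpreted. Warning silenced so the demo builds. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static const char *set_status_unsafe(const char *client_text)
{
    snprintf(status_line, sizeof status_line, client_text);
    return status_line;
}
#pragma GCC diagnostic pop

/* AFTER: constant format; client text is only ever an argument. */
static const char *set_status_safe(const char *client_text)
{
    snprintf(status_line, sizeof status_line, "%s", client_text);
    return status_line;
}

/* Review helper: count directives that would consume an argument
 * ("%%" is a literal percent sign and consumes none). */
static int arg_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '\0') break;            /* trailing lone '%' */
        if (s[1] == '%') { s++; continue; } /* escaped percent */
        n++;
    }
    return n;
}

int main(void)
{
    const char *benign = "100%% done";  /* constructed; consumes no arguments */
    printf("unsafe: %s\n", set_status_unsafe(benign)); /* "%%" collapses to "%" */
    printf("safe:   %s\n", set_status_safe(benign));   /* copied byte for byte */
    printf("safe output equals input: %d\n", strcmp(status_line, benign) == 0);
    printf("argument-consuming directives in the quoted pattern: %d\n",
           arg_directives("<retloc>%.f%.f%.f %.<ret>d%n"));
    return 0;
}
```

Only the benign string is ever passed to the flawed function; the pattern quoted in the message is handed to the counting helper as data and never used as a format.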